package com.sys.gradepaysys.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	

	@Resource
	private MyUserDetailServiceImpl myUserDetailService;
	@Resource
	private LoginSuccessHandler loginSuccessHandler;
	
	
	@Override
	public void configure(WebSecurity web)throws Exception {
		// 设置不拦截规则
		 web.ignoring().antMatchers("/bootstrap-4.6.2/**","/css/**","/js/**","/images/**","/echarts/**","/jquery/**","/WEB-INF/templates/login.html","/student/registerAdd","/loginPage"
				 ,"/event/getClazz","/event/getGrade","/event/supportEvent","/event/toPay","/student/getStuOneList");  
	}
	
	@Override
	protected void configure(HttpSecurity security) throws Exception {
		security.formLogin()
				.loginPage("/loginPage") // 一定要和 Controller 中 返回 myLogin页面 一致，
				.loginProcessingUrl("/loginIn")
				.successHandler(loginSuccessHandler)
				.failureUrl("/loginPage?error=true")
				.and().authorizeRequests()
				.antMatchers("/register.html").permitAll()
				.antMatchers("/loginPage").permitAll()
				.antMatchers("/toRegister").permitAll()
				.antMatchers("/toProgram").hasAnyRole("User")
				.anyRequest().authenticated()
				.and().logout().invalidateHttpSession(true).logoutSuccessUrl("/loginPage")

				.and().csrf().disable();// 这个是 登录成功后返回的界面



	}
	
		
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth)
			throws Exception {
		auth.userDetailsService(myUserDetailService);
		
	}
	
	
	
}
